Review #2_OpenVAS and Metasploit

I’ve heard Nessus is the most popular tool among vulnerability scanning tools. I had never used it at work before, but it is always fun to try new tools. I set up Nessus to find vulnerabilities on my own Kali Linux #2 (Debian 7, 64-bit) and on localhost, 127.0.0.1. I found a useful feature of the vulnerability scan on Nessus: it reports CVE numbers and CVSS scores. As we already know, a lot of companies follow a security testing methodology based on CVE (Common Vulnerabilities and Exposures), so this information makes it easy to check the security and identify the vulnerability. You can find more details on the official CVE site, https://cve.mitre.org. If you are using the free Nessus, some features are locked because you have to buy the Nessus tools. Because of this, most of my coworkers prefer using OpenVAS.
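The reason the CVE and CVSS columns are so handy is that they let you triage a scan mechanically instead of reading every finding. The script below is an added example written for this review, not code from the post or from Nessus/OpenVAS: it parses a small constructed CSV laid out like the header of a Nessus CSV export (the CVE ids in it are placeholders, not real entries), rates each finding with the CVSS v3.x qualitative ranges, orders the findings that actually carry a CVE by score, and lists the unique CVEs per host so the same id seen on two hosts is counted once for each.

```python
"""Triage of vulnerability-scan findings by CVE id and CVSS score.

Added example, not from the post or the scanners it mentions. The sample CSV
is constructed to resemble the column layout of a Nessus CSV export; check a
real export against its own header row before relying on these column names.
"""
import csv
import io
from collections import defaultdict

# Constructed sample. The CVE ids are placeholders, not entries on cve.mitre.org.
# Row 10002 is an informational finding: no CVE, no CVSS score.
SAMPLE_CSV = """\
Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
10001,CVE-0000-0001,9.8,Critical,127.0.0.1,tcp,22,Placeholder finding A
10002,,,None,127.0.0.1,tcp,22,Service banner (informational)
10003,CVE-0000-0002,5.3,Medium,127.0.0.1,tcp,80,Placeholder finding B
10004,CVE-0000-0003,7.5,High,192.168.247.132,tcp,445,Placeholder finding C
10005,CVE-0000-0002,5.3,Medium,192.168.247.132,tcp,80,Placeholder finding B
"""


def parse_findings(text):
    """Parse scanner CSV into dicts; CVSS becomes a float (missing -> 0.0)."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        score = (row.get("CVSS") or "").strip()
        row["CVSS"] = float(score) if score else 0.0
        row["CVE"] = (row.get("CVE") or "").strip()
        rows.append(row)
    return rows


def severity(cvss):
    """CVSS v3.x qualitative rating ranges. This is the example's own mapping,
    computed from the score, not the scanner's Risk column."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def triage(findings, min_cvss=4.0):
    """Findings that carry a CVE id and score at least min_cvss, highest first.
    Informational rows (no CVE) are dropped so they do not clutter the list."""
    hits = [f for f in findings if f["CVE"] and f["CVSS"] >= min_cvss]
    hits.sort(key=lambda f: (-f["CVSS"], f["Host"], int(f["Port"])))
    return [(f["Host"], int(f["Port"]), f["CVE"], f["CVSS"], severity(f["CVSS"]))
            for f in hits]


def cves_per_host(findings):
    """Unique CVE ids per host, sorted, for checking against a CVE-based test plan."""
    by_host = defaultdict(set)
    for f in findings:
        if f["CVE"]:
            by_host[f["Host"]].add(f["CVE"])
    return {host: sorted(ids) for host, ids in by_host.items()}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_CSV)
    for host, port, cve, score, rating in triage(found):
        print(f"{rating:8} {score:4} {host}:{port} {cve}")
    print(cves_per_host(found))
```

The `min_cvss` threshold is where a team encodes its own policy; lowering it to 0.1 keeps every scored finding, while the informational rows stay out because they have no CVE to act on.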

Chapter 6: Exploiting Vulnerabilities

This chapter was familiar to me because I had experience with the msfconsole function in Metasploit. When I worked as a security test methodology researcher, I used a lot of ethical hacking methodology to find out the security level of IPSs and firewalls. I set up vulnerable environments on the targets (VMware machines) based on CVEs, exploited the target machines with those vulnerabilities, and checked whether it was blocked or detected by the IPS or firewall. I used two exploits in msfconsole. The PDF one was easy because it puts embedded exploitable code into the file.

But the second vulnerability, ‘browser_autopwn’, was hard because I needed another victim VM to test and get a connection. This attack uses a reverse TCP connection to get control. I set LHOST (local host IP) and SRVHOST to 192.168.247.132, which is the IP address of this Kali Linux. I simply set URIPATH to ‘/’.

Once you run the exploit, your victim PC needs to go to that URL, http://192.168.247.132:8080, to connect the reverse_tcp session with the attacker. I tried to use the Debian-based Kali Linux as a victim VM, but the session was not opened. So I installed a Windows XP VMware machine as another victim VM.
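The point of the exercise above was to see whether the IPS or firewall blocked or detected the attack, and the two-step shape of it (the victim fetches the lure page on the server's web port, then opens a second connection back to the same server on a different port) is exactly what a defender can correlate in a connection log. The script below is an added example for this review, not code from the post or from Metasploit: it reads a constructed firewall log, pairs each web fetch of 192.168.247.132:8080 with a follow-up non-web connection from the same client to the same server inside a short window, and reports per client whether that callback was allowed (the session would have opened) or dropped (the control blocked it). The callback port 4444 in the sample is an assumption; the post does not say which LPORT was used.

```python
"""Correlate lure-page fetches with reverse-connection callbacks in a firewall log.

Added example, not from the post or from Metasploit. The log format, the
client addresses and the callback port 4444 are constructed assumptions;
192.168.247.132:8080 is the lab server address used in the post.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed connection log, one line per TCP connection attempt.
SAMPLE_LOG = """\
2017-10-20T10:00:01 ALLOW 192.168.247.140:49152 -> 192.168.247.132:8080 tcp
2017-10-20T10:00:04 ALLOW 192.168.247.140:49153 -> 192.168.247.132:4444 tcp
2017-10-20T10:05:10 ALLOW 192.168.247.141:50001 -> 192.168.247.132:8080 tcp
2017-10-20T10:05:12 DROP  192.168.247.141:50002 -> 192.168.247.132:4444 tcp
2017-10-20T10:09:30 ALLOW 192.168.247.142:50100 -> 192.168.247.132:8080 tcp
2017-10-20T10:15:00 ALLOW 192.168.247.142:50101 -> 192.168.247.132:4444 tcp
2017-10-20T10:20:00 ALLOW 192.168.247.143:50200 -> 192.168.247.1:443 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DROP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        events.append(d)
    return events


def find_callbacks(events, window_s=60, web_ports=(80, 8080)):
    """For every client that fetched a page from a server on a web port, look
    for a later connection from the same client to the same server on a
    non-web port within window_s seconds. Returns {client: record}, where
    outcome is 'blocked' if the firewall dropped the callback, else 'allowed'."""
    events = sorted(events, key=lambda e: e["ts"])
    web_fetches = defaultdict(list)  # (client, server) -> timestamps of web fetches
    results = {}
    for e in events:
        key = (e["src"], e["dst"])
        if e["dport"] in web_ports:
            web_fetches[key].append(e["ts"])
            continue
        recent = [t for t in web_fetches[key]
                  if 0 <= (e["ts"] - t).total_seconds() <= window_s]
        if recent:
            results[e["src"]] = {
                "server": e["dst"],
                "callback_port": e["dport"],
                "delay_s": (e["ts"] - recent[-1]).total_seconds(),
                "outcome": "blocked" if e["action"] == "DROP" else "allowed",
            }
    return results


if __name__ == "__main__":
    for client, rec in find_callbacks(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: fetched lure from {rec['server']}, callback to port "
              f"{rec['callback_port']} after {rec['delay_s']:.0f}s -> {rec['outcome']}")
```

In the sample, client .140 is the case the exercise is looking for: the callback went through, so the control missed it. Client .141 shows the control working. Client .142 is outside the 60-second window and is not paired at all; widening `window_s` trades fewer misses for more false pairings, which is the usual tuning decision for this kind of rule.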

Hacking another network or system is illegal and considered a crime. I am not responsible for what you do with this information. This blog is for educational purposes only.
